smeko

Active Member
Feb 17, 2020
29
2
3
Tirane, Albania
cPanel Access Level
Root Administrator
Hello,
I am new in administrating cPanel and WHM sharing server. One of cPanel account is receiving to many spams that i verified through mail delivery report interface where "from address" was something like [email protected] but the sender is the domain itself which is receiving spams.
What is the reason that cause this problem and how can i prevent that?
Thank you in advance,

Silvi
 
Last edited by a moderator:

keat63

Well-Known Member
Nov 20, 2014
1,916
263
113
cPanel Access Level
Root Administrator
Could you post the message headers from one such email.
Please obfuscate any sensitive info like real email addresses and IP's.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,394
181
193
Finland
cPanel Access Level
Root Administrator
I am new in administrating cPanel and WHM sharing server. One of cPanel account is receiving to many spams that i verified through mail delivery report interface where "from address" was something like [email protected] but the sender is the domain itself which is receiving spams.
What is the reason that cause this problem and how can i prevent that?
That's quite common, the spammer sets the sender address the same as the address they are sending to. Then it's not possible to block the emails based on the sender's address,
Anyone with a little knowledge can send emails so that they seem to come whatever email address they want.
If you look at the headers of those emails you will see what IP address they are coming from.
 
  • Like
Reactions: cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston
In the circumstance that @quietFinn references and what sounds like is occurring on your server, you can combat this with some finely tuned SpamAssassin rules in a lot of cases

From cPanel>>Mail>>Spam Filters->Additional Configurations -> Calculated Spam Score Settings

The rules as follows may be helpful:


Rule NameRule Details Default Score
FORGED_SPF_HELOUses __HELO_NOT_RDNS && SPF_HELO_PASS && !SPF_PASS to determine validity of mail 1
SPF_FAILDetermines whether or not the SPF Fails 4
SPF_SOFTFAILDetermines whether the SPF has a soft fail status 1.5
SPF_HELO_FAILChecks if HELO matches SPF 4

Each one of these rules can have the default scoring increased or decreased depending on your needs

Configure SpamAssassin

Typically You'd want to enable spam assassin and allow it to flag mail at a certain spam score
  • I generally enable it to flag mail as spam with a spam score of 3 or higher
  • For some purposes this may be too restrictive and you might want to start flagging mail as spam with a spam score of 4-5
  • Once you've got a good grasp on this and you don't see legitimate mail being flagged I advise enabling auto-delete
    • Auto Delete automatically deletes any mail that is scored at X or higher
    • Generally you'll want the Auto-Delete number score to be higher than the number you set to flag as spam
      • If your SpamScore is set to 5, you'd set Auto Delete to 6
      • If your SpamScore is set to 3 you'd set Auto Delete to 4 or 5
 
Thread starter Similar threads Forum Replies Date
L Email 50
M Email 1
P Email 7
D Email 6
F Email 0